mod_http_oauth2: Bail out of implicit flow on invalid or missing redirect
authorKim Alvefur <zash@zash.se>
Sat, 06 May 2023 12:23:22 +0200
changeset 5424 aa068449b0b6
parent 5423 a0333176303c
child 5425 a58ba20b3a71
mod_http_oauth2: Bail out of implicit flow on invalid or missing redirect

Probably hasn't been tested, and maybe never will since it's disabled and more or less deprecated in OAuth 2.1
mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Fri May 05 21:32:34 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Sat May 06 12:23:22 2023 +0200
@@ -337,6 +337,7 @@
 	local token_info = new_access_token(granted_jid, granted_role, granted_scopes, client, nil);
 
 	local redirect = url.parse(get_redirect_uri(client, params.redirect_uri));
+	if not redirect then return 400; end
 	token_info.state = params.state;
 	redirect.fragment = http.formencode(token_info);
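Review bot: the new `if not redirect then return 400; end` guard sits one line after `new_access_token(granted_jid, granted_role, granted_scopes, client, nil)`, so a token is still minted (and whatever that function records or logs is still done) for a request that is then rejected. Move the redirect parsing and the nil check above the `new_access_token` call so that nothing is issued unless the redirect target has been validated. Returning 400 rather than redirecting is the right outcome here: with the token in the URL fragment, redirecting to an unvalidated `redirect_uri` would hand the access token to whatever host the client supplied, and RFC 6749 requires the authorization server not to redirect when the redirect URI is missing or invalid.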